NetBSD Problem Report #56196

From www@netbsd.org  Sat May 22 15:32:42 2021
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 01D0F1A929C
	for <gnats-bugs@gnats.NetBSD.org>; Sat, 22 May 2021 15:32:42 +0000 (UTC)
Message-Id: <20210522153240.5552D1A929E@mollari.NetBSD.org>
Date: Sat, 22 May 2021 15:32:40 +0000 (UTC)
From: thorpej@me.com
Reply-To: thorpej@me.com
To: gnats-bugs@NetBSD.org
Subject: ssh-keygen dumps core on Qemu Alpha virtual machines
X-Send-Pr-Version: www-1.0

>Number:         56196
>Category:       port-alpha
>Synopsis:       ssh-keygen dumps core on Qemu Alpha virtual machines
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    thorpej
>State:          feedback
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat May 22 15:35:00 +0000 2021
>Closed-Date:    
>Last-Modified:  Wed Jul 07 12:34:54 +0000 2021
>Originator:     Jason Thorpe
>Release:        NetBSD 9.99.82
>Organization:
RISCy Business
>Environment:
NetBSD alpha-vm 9.99.82 NetBSD 9.99.82 (GENERIC-$Revision: 1.410 $) #2: Sat May 22 08:06:26 PDT 2021  thorpej@the-ripe-vessel:/space/src/sys/arch/alpha/compile/GENERIC alpha
>Description:
ssh-keygen crashes when creating the RSA host key on NetBSD/alpha running under Qemu.  I don't know if this happens on real hardware.

Reading symbols from /usr/bin/ssh-keygen...
(No debugging symbols found in /usr/bin/ssh-keygen)
[New process 998]
Core was generated by `ssh-keygen'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000003fffdcf0d08 in BN_CTX_start () from /usr/lib/libcrypto.so.14
(gdb) where
#0  0x000003fffdcf0d08 in BN_CTX_start () from /usr/lib/libcrypto.so.14
warning: Hit heuristic-fence-post without finding enclosing function for address 0x3fffdd4bdce


Added some debugging messages to get the exact arguments being passed to ssh-keygen:

/usr/bin/ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N  -q
ssh-keygen: 1024 SHA256:4NCLqKx+CGyYIs2vyvzM3mkTLmHvh+dHqt/wd0hJWhk root@alpha-vm (DSA)
/usr/bin/ssh-keygen -t ecdsa -b 521 -f /etc/ssh/ssh_host_ecdsa_key -N  -q
ssh-keygen: 521 SHA256:BSfmj5WuI+3H7Vbe6EEQ3uT5lMUG+J6RnEkIILxrUpc root@alpha-vm (ECDSA)
/usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N  -q
ssh-keygen: 256 SHA256:7waQ1e+WY2kQsiUzfpw0yDXjF7DdLX9QSxHU/kBe+fs root@alpha-vm (ED25519)
/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N  -q
[  28.9988173] pid 1151 (ssh-keygen): unaligned access: va=0x37 pc=0x0 ra=0x3fffdc98fec sp=0x1fffff0b8 op=ldl
[1]   Segmentation fault (core dumped) "${keygen}" -t "${type}" ${bitarg} -f "${f}" -...
/etc/rc.d/sshd exited with code 1

This happens 100% reliably **but only when the system is initially booting**.  After the system has finished booting and I log in as root on the console:

alpha-vm# /etc/rc.d/sshd start
/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N  -q
ssh-keygen: 3072 SHA256:StODHaqOFh38PjOhh4ppNkgbWUQ1GmXBoTQeIKaOQR0 root@alpha-vm (RSA)
Starting sshd.
alpha-vm# 

>How-To-Repeat:
See above.
>Fix:
N/A

>Release-Note:

>Audit-Trail:
From: Rin Okuyama <rokuyama.rk@gmail.com>
To: "gnats-bugs@NetBSD.org" <gnats-bugs@NetBSD.org>
Cc: 
Subject: Re: port-alpha/56196 (ssh-keygen dumps core on Qemu Alpha virtual
 machines)
Date: Wed, 7 Jul 2021 14:49:08 +0900

 I cannot reproduce this problem on real hardware (DS10);
 ssh keys are successfully generated during boot.

Responsible-Changed-From-To: port-alpha-maintainer->thorpej
Responsible-Changed-By: thorpej@NetBSD.org
Responsible-Changed-When: Wed, 07 Jul 2021 12:34:54 +0000
Responsible-Changed-Why:
Take.


State-Changed-From-To: open->feedback
State-Changed-By: thorpej@NetBSD.org
State-Changed-When: Wed, 07 Jul 2021 12:34:54 +0000
State-Changed-Why:
This may be fixed after recent library / Qemu fixes.


>Unformatted:
